RE: NBAR on Fastethernet

From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Thu Feb 15 2007 - 13:18:43 ART


Hi Allan, it is working fine for me!

R1(config)#ip cef
R1(config)#
R1(config)#class-map match-all HTTP
R1(config-cmap)# match protocol http
R1(config-cmap)#class-map match-any FTP
R1(config-cmap)# match protocol ftp
R1(config-cmap)#
R1(config-cmap)#policy-map QoS_OUT_F0/0
R1(config-pmap)#
R1(config-pmap)#class FTP
R1(config-pmap-c)# police 10000 conform-action transmit exceed-action drop
R1(config-pmap-c-police)# class HTTP
R1(config-pmap-c)# police 20000 conform-action transmit exceed-action drop
R1(config-pmap-c-police)#
R1(config-pmap-c-police)#exit
R1(config-pmap-c)#int f0/0
R1(config-if)#ser in QoS_OUT_F0/0
R1(config-if)#! Did you try to change the service policy application direction?

Verification:

R1#copy http://7.7.7.7/Conf.html null:
Loading http://7.7.7.7/Conf.html !
1317 bytes copied in 1.420 secs (927 bytes/sec)
R1#show policy-map int f0/0
 FastEthernet0/0

  Service-policy input: QoS_OUT_F0/0

    Class-map: FTP (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol ftp
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 10000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

***************************************************************
* Class-map: HTTP (match-all) *
* 20 packets, 3786 bytes *
* 5 minute offered rate 1000 bps, drop rate 0 bps *
* Match: protocol http *
* police: *
* cir 20000 bps, bc 1500 bytes *
* conformed 19 packets, 3219 bytes; actions: *
* transmit *

* exceeded 1 packets, 567 bytes; actions: *
* drop *

* conformed 0 bps, exceed 0 bps *
* *
***************************************************************
    Class-map: class-default (match-any)
      41 packets, 3094 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
R1#

http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hsec_c/part15/ch05/h_fwapc.htm

NBAR is kind of funny: it takes the outgoing HTTP request, and it
interprets the returned traffic.

Thanks,
Victor Cappuccio.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Allan
Sent: Thursday, February 15, 2007 12:02 AM
To: ccielab@groupstudy.com
Subject: NBAR on Fastethernet
Importance: Low

Hi

If NBAR does not work on the Fast Ethernet, I applied the same policy to
fa0/0 and s0/0 on the same router, FastEthernet can't police the traffic.
Any idea?

ip cef

class-map match-all HTTP
  match protocol http
class-map match-any FTP
  match protocol ftp

policy-map QoS_OUT_F0/0
  class FTP
   police 10000 conform-action transmit exceed-action drop
  class HTTP
   police 20000 conform-action transmit exceed-action drop

policy-map QoS_OUT_S0/0
  class FTP
   police 10000 conform-action transmit exceed-action drop
  class HTTP
   police 20000 conform-action transmit exceed-action drop

------------------------------------------>> apply to S0/0

R3#copy ftp: null:
Address or name of remote host [1.1.5.5]?
Source filename [P00307020400.bin]?
Accessing ftp://1.1.5.5/P00307020400.bin...
Loading P00307020400.bin !!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 129476/4096 bytes]

sh policy-map interface

Serial0/0

Service-policy output: QoS_OUT_S0/0
Class-map: FTP (match-any)
      712 packets, 32040 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol ftp
        712 packets, 32040 bytes
        5 minute rate 0 bps
      police:
          cir 10000 bps, bc 1500 bytes
        conformed 712 packets, 32040 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps

------------------------------------->>> apply to F0/0
sh policy-map interface

FastEthernet0/0

  Service-policy output: QoS_OUT_F0/0

    Class-map: FTP (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol ftp
        0 packets, 0 bytes
        5 minute rate 0 bps
      police:
          cir 10000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
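
Added example, not part of the original thread: a small Python parser for `show policy-map interface` text that lists each class with its direction and policer counters and flags policed classes that matched no packets, the symptom compared above between F0/0 and S0/0. The sample text is constructed from the output format shown in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on the `show policy-map interface` output above.
SAMPLE = """\
 FastEthernet0/0
  Service-policy input: QoS_OUT_F0/0
    Class-map: FTP (match-any)
      0 packets, 0 bytes
      police:
          cir 10000 bps, bc 1500 bytes
        conformed 0 packets, 0 bytes; actions:
        exceeded 0 packets, 0 bytes; actions:
    Class-map: HTTP (match-all)
      20 packets, 3786 bytes
      police:
          cir 20000 bps, bc 1500 bytes
        conformed 19 packets, 3219 bytes; actions:
        exceeded 1 packets, 567 bytes; actions:
    Class-map: class-default (match-any)
      41 packets, 3094 bytes
"""

def parse_policy_map(text):
    """Return one dict per class found in `show policy-map interface` text."""
    classes, direction, policy, cur = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Service-policy (input|output): (\S+)", line):
            direction, policy = m.groups()
        elif m := re.match(r"Class-map: (\S+) \((match-\w+)\)", line):
            cur = {"policy": policy, "direction": direction, "class": m.group(1),
                   "packets": None, "cir": None, "conformed": None, "exceeded": None}
            classes.append(cur)
        elif cur is None:
            continue  # nothing to attribute counters to yet
        elif (m := re.match(r"(\d+) packets, \d+ bytes$", line)) and cur["packets"] is None:
            cur["packets"] = int(m.group(1))  # first counter is the class total
        elif m := re.match(r"cir (\d+) bps", line):
            cur["cir"] = int(m.group(1))
        elif m := re.match(r"(conformed|exceeded) (\d+) packets", line):
            cur[m.group(1)] = int(m.group(2))
    return classes

def unmatched_policed_classes(classes):
    """Names of classes that carry a policer but have matched zero packets."""
    return [c["class"] for c in classes if c["cir"] is not None and c["packets"] == 0]
```

A flagged class only means no packets were classified into it in that direction since the counters were last cleared; it does not by itself say whether the cause is the policy direction or the absence of matching traffic.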


